Last updated: 25 Nov 2025

This Privacy Notice explains how GLF Strategic Compliance (“GLF”) handles personal data. We act as Data Controllers for the information we collect through this website and during our business operations.

1. Data We Collect.
We are a B2B professional services provider. We collect data primarily to manage our client relationships and deliver our services. This includes:

• Identity & Contact Data: Names, business email addresses, phone numbers, and job titles of our clients and business partners.
• Financial Data: Information required to manage billing and invoicing (e.g., billing addresses and payment confirmation; note: we do not store card details directly).
• Technical Data: IP addresses and browser data collected automatically when you visit our website (for security and site performance). We do not track or profile users. We only use essential cookies to make our site work.

2. Purpose of Processing.
We process your data under the following lawful bases (GDPR Article 6):

• Performance of Contract: To register you as a new client, deliver our Representative services, and manage the renewal of your mandate.
• Legal Obligation: To comply with tax, accounting, and anti-money laundering (AML) laws.
• Legitimate Interests: To respond to your inquiries, maintain the security of our systems, and keep our business records up to date.

3. Sharing of Data.
We do not sell or share your data with third parties, except where required by law or where service providers support our website or email systems. We may share your data with:

• Service Providers: IT and system administration services (e.g., UENI systems admin), and banking/payment providers (e.g., Wise, Revolut, etc.).
• Professional Advisers: Accountants, lawyers, and insurers who provide consultancy to us.
• Regulators: The ICO, DPC, or other authorities if required by law.

4. International Transfers

As we operate internationally, including in the the UK and the EU, we may transfer data between these jurisdictions.

• UK-EU Flows: Data flows freely between the UK and the EEA based on the EU’s Adequacy Decision for the UK.
• Other Transfers: If we transfer data outside the UK/EEA (e.g., to US service providers), we ensure it is protected by adequate safeguards such as the UK/EU Data Privacy Framework, Standard Contractual Clauses (SCCs), and /or the ICO's International Data Transfer Agreement.

5. Retention.
We retain enquiry information only for as long as necessary to manage communication or as required for business or legal purposes.

6. Your Rights.
Depending on your location, you may have rights to access, correct, delete, or restrict your personal data. Requests may be made to [email protected]. Specific rights may include:

• Access: Request a copy of your personal data.
• Correction: Request correction of inaccurate data.
• Erasure: Request deletion of your data (subject to legal retention rules).
• Object/Restrict: Object to processing or request restriction.

To exercise any of these rights, please email us at [email protected].

For data protection queries relating to the EU General Data Protection Regulation (GDPR), our designated EU Representative is:

Name: BHD Governance EU Ltd

Email: [email protected]

Postal:

BHD Governance EU Ltd (25001)

Unit 3D North Point House

North Point Business Park

New Mallow Road

Cork

T23 AT2P

Ireland

This contact point is for regulatory communications and data subject rights requests under EU GDPR. Please include our company name and the reference 25001 when contacting the representative.

7. Your Right to Lodge a Complaint

We hope that we can resolve any query or concern you raise about our use of your information. Please contact us first at [email protected] so we can try to help.

However, if you feel we have not addressed your concern, you have the specific right to lodge a complaint with the relevant Supervisory Authority in your jurisdiction.

• For the UK: You have the right to complain to the Information Commissioner’s Office (ICO).
  Website: www.ico.org.uk
  Helpline: 0303 123 1113

• For the EU / EEA: Our Lead Supervisory Authority is the Data Protection Commission (DPC) in Ireland.
  Website: www.dataprotection.ie
  Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28

8. Security.
We implement reasonable technical and organisational measures to safeguard data transmitted through this site.

9. Consulting Services.
If you engage GLF for privacy, AI governance or other consulting and advisory services, those activities are governed solely by the relevant service agreement, not by this website privacy notice.

10. Changes.
We may update this Notice periodically. Any changes will be posted on this page.

NOTE: GLF collects NO personal data from general users browsing this website, except for information you voluntarily and directly provide to us. The cookie banner displayed on this website is controlled and deployed solely by the UENI platform and is required for the technical operation of the site. UENI has expressly confirmed as follows: If a visitor does not click “Accept,” they are not opted in to any non-essential cookies.